List: sentry
Subject: Re: [Abacus] Portsentry and Trusted Servers
From: Ben Ricker <bricker () wellinx ! com>
Date: 2001-05-17 16:21:05
Bob Staaf wrote:
> Ben,
>
> In /etc you will find a file named portsentry.ignore. Add the IP
> addresses of the machines you want to trust there. It will ignore port
> scans from those IP addresses.
Thanks for the suggestion. I found that file in /usr/local/etc rather
than /etc. I will see if it reads that file or not at the next logcheck. Do I
need to bounce Portsentry to have it reread the .ignore file?
Another question: the routes that it DID throw in there are resisting my
effort to remove them. I am running Redhat Linux 6.2 without iptables
support. So, I went the route deny method of shutting down the hacker.
However, I cannot remove the routes that it is now denying!
I tried:
'route del -host IP_ADD' and got the message:
"SIOCDELRT: No such process"
as well as 'route del IP_ADD' and 'route del -host IP_ADD netmask
255.255.255.255', etc. All failed.
Since this is a production server, I would rather not flush the routing
table since it will also flush my gateway route, bringing the server
down for a minute or so.
Any ideas?
Ben Ricker
System Administrator
Wellinx.com